Field of the Invention
The present invention relates to an information processing system that is capable of performing communication at a high security level, a method of controlling the information processing system, an information processing apparatus, and a storage medium.
Description of the Related Art
Conventionally, there has been known an information processing apparatus that is capable of setting a security policy (see e.g. Japanese Patent Laid-Open Publication No. 2011-004117). This information processing apparatus stores an encryption key which does not have a predetermined or higher encryption strength and hence is easy to crack (hereinafter referred to as the “weak key”), and an encryption key having the predetermined or higher encryption strength and hence difficult to crack (hereinafter referred to as the “strong key”), e.g. in a memory. The weak key is an encryption key with a key length not more than 1024 bits, which uses SHA1, MD2, MD4, MD5, DES, 3DES, or RC4 as a hash function and is also generated by an RSA, DSA, or DH algorithm. The strong key is an encryption key with a key length not less than 2048 bits, which uses SHA256 as a hash function.
In the information processing apparatus disclosed in Japanese Patent Laid-Open Publication No. 2011-004117, for example, when a security policy that specifies inhibition of communication at a low security level using the weak key (hereinafter referred to as the “weak key use-inhibiting security policy”) is enabled, communication with the other information processing apparatus, using the stored weak key, is inhibited, but communication with the other information processing apparatus is encrypted by using the stored strong key, whereby communication with the other information processing apparatus is performed at a high security level.
However, there is a case where the information processing apparatus stores only a weak key but does not store a strong key, and if the weak key use-inhibiting security policy is enabled in this case, the information processing apparatus cannot perform communication with the other information processing apparatus. In short, there is a problem that communication at a high security level cannot be performed.